* chore(kv): add failing test for session renewal extension
* fix(kv): ensure renew session only updates expiration if it is newer than existing
* chore: update changelog to reflect renew session expiration fix
At the moment, the default session length only gets set to the default
when no service config is specified. So if a service config is used and
it does not set a value for the session length, then the session length
will be zero.
This modifies the creation of the kv service so that it will set the
default session length if the session length is set to zero (the default
value) instead of only doing it when no service config is specified.
Renaming Generate in anticipation of a new method that will onboard
users other than the initial user. The intent is to simplify multi-user
setups.
Co-authored-by: Chris Goller <goller@gmail.com>
* feat(kv): migration types for managing kv buckets and indexes over time
chore(kv): fixup comments in migrator types
fix(kv): initialize migrator bucket on kv service initialize
chore(kv): remove currently unused auth index
chore(kv): remove currently unused urm index
* chore(kv): move migrator tests into testing package and run for inmem and bolt
* chore(changelog): update changelog to reflect kv migrator type
* fix(kv): update auto migration store to return migratable store
* chore(kv): wrap error using func instead of defer in index
* chore(kv): rename Name method to MigrationName for clarity
* chore(kv): update migration log messages to match influxdb standard
* fix: allow authorized label service to be called indirectly
17071 exists because pkger loads all service resources as authorized on
start, resulting in them all being authorized when referenced indirectly
(not hit directly via api by consumer). Rather than restructure pkger to
only authorize direct services, this allows proper indirect auth to
labels (the cause of 17071).
* Add orgService to tests
* Add resource types to find orgID from
* feat(kv): new index type for managing kv indexes
* feat(kv): index verify diff now can produce list of corrupt foreign keys
* fix(testing): refactor kv index tests into testing package and integrate with bolt
* chore(kv): fix go lint error in index
* fix(kv): add test for index walk
* fix(kv): change index cursing strategy to reduce calls to source bkt.Get
* feat(kv): add delete and populate remove dangling foreign keys to index
In the past, the default was only being set if a service config wasn't
provided. But if a service config was provided and gave a zero value, it
would not fill in the default value. This changes the code so that it
will always set the default value if the session length is set to zero.
This moves a few types and constants to the global package so it can be
used without importing the `task/backend` package. These constants are
referenced in non tasks-specific code.
This is needed to break a dependency chain where the task backend will
call into the flux runtime to perform parsing or evaluation of a script
and to prevent the http package from inheriting that dependency.
The tasks subsystem will now use the flux language service to parse and
evaluate flux instead of directly interacting with the parser or
runtime. This helps break the dependency on the libflux parser for the
base influxdb package.
This includes the task notification packages which were changed at the
same time.
* Revert "fix(kv): Don't stop when key not found from index."
This reverts commit bd9167d383.
* Revert "fix(kv): push down org ID to skip in delete URM (#16841)"
This reverts commit a5f508de77.
* Revert "fix(kv): delete authorization from correct index bucket (#16835)"
This reverts commit 7349216e94.
* Revert "feat(kv): Index Authorizations by User ID (#16818)"
This reverts commit df36fe957b.
* Revert "feat: add indexes to urm for user lookups (#16789)"
This reverts commit 9561d0a4f4.
* fix(kv): push down org ID to skip in delete URM
* fix(kv): use database key rather than resource id
We are trying to skip deletes that would remove keys
that have already been deleted. This is a rather
extreme approach and I believe we should think about how
to fix user-resource-mappings.
Co-authored-by: Lyon Hill <lyondhill@gmail.com>
Signed-off-by: Chris Goller <goller@gmail.com>
Co-authored-by: George <me@georgemac.com>
Co-authored-by: Lyon Hill <lyondhill@gmail.com>
* fix(kv): delete authorization from correct index bucket
* fix(kv): return not found code when user resource mapping indexed by not in source
* chore(kv): define failing test for URM on delete
* feat(kv): add user id index on authorizations
* chore(auths): test FindAuthorizations both with and without a populated index
* chore(kv): cleanup index skipping flag in auths service
* fix(kv): bad flag around auth by user index population
* fix(kv): auth by user index lookup use correct buckets
* chore(kv): ensure indexer is called as expected when auth user index missing
* chore(kv): add benchmarks around authorization lookup
* feat(kv): Create a indexer to allow the addition of indexes
This will allow the population of indexes to be incremental and allow
for a rolling update to the index's to be handled cleanly.
* Begin implementing retreival of telegraf plugin stats
* Implement storing/deletion of telegraf plugin stats
* Test plugin stats
* Initialize plugins bucket for tests
* Add comment
* Shorten time and frequency in bolt when providing telegraf plugins metrics
* Simplify ticker loop
* Leak underlying ticker while still satisfying linter
* fix(kv): Update scrapers to use new forward cursor
I also made a minor update to move a db lookup outside of a for loop to save
time and optimize
* fix(inmem): fix a potential race condition
* feat(backup): `influx backup` creates data backup
* feat(backup): initial restore work
* feat(restore): initial restore impl
Adds a restore tool which does offline restore of data and metadata.
* fix(restore): pr cleanup
* fix(restore): fix data dir creation
* fix(restore): pr cleanup
* chore: amend CHANGELOG
* fix: restore to empty dir fails differently
* feat(backup): backup and restore credentials
Saves the credentials file to backups and restores it from backups.
Additionally adds some logging for errors when fetching backup files.
* fix(restore): add missed commit
* fix(restore): pr cleanup
* fix(restore): fix default credentials restore path
* fix(backup): actually copy the credentials file for the backup
* fix: dirs get 0777, files get 0666
* fix: small review feedback
Co-authored-by: tmgordeeva <tanya@influxdata.com>
* feat(checks): Add custom check type
* feat(checks): Remove alert builder from custom check
* feat(checks): Add AlertBuilderAction to list of possible actions
* feat(checks): Query visualization does not make sense for custom check
* feat(check): check editor should only reexecute queries if view query changes
* Update ui/src/timeMachine/components/TimeMachineFluxEditor.tsx
Co-Authored-By: Bucky Schwarz <hoorayimhelping@users.noreply.github.com>
* Address PR review
Co-authored-by: Bucky Schwarz <hoorayimhelping@users.noreply.github.com>
issue here is that the unique by name index for variables was implemented
and has the same functionality about it that this orgs index has. The duplicative
orgs index was nuked. The migration to hydrate the org/name index never
happened. This is a stop gap until that migration is in place.
this is work moving us towards more reusable components that add some
rigidity around handling indexes and the entity bucket. The behavior
is very common across much of the kv pkg. This can be reused throughout.
adding some easy wins for tracing(eventually metrics) that enable more
insight that what is currently possible. It normalizes these concerns
across the kv store.
this work is to support pkger, but was able to add back in the
skipped tests. seeing failures upstream, and didn't catch it in
influxdb b/c the tests were being skipped.
closes: #14799
In the event that findTaskByIDWithAuth cannot find the task ID contained
in the bucket, the outer loop will never terminate.
This ensures that we are calling Next() along-side any calls to continue
while using a Cursor.
this is a blocker for anyone who hits the endpoint services internally. They
had to know that they need to also know of hte secret service then do all that
put/delete alongside the operation. This makes that unified inside the store tx.
one other thing this does is make obvious the dependencies that
notification services has. In this case it is the secrets service it
depends on.
Task runs are stored and retrieved from the `taskRunsv1` bucket, but
when they are canceled they are incorrectly placed in the `tasksv1`
bucket. Once this has been done, further look ups of the task run fail,
because it is located in the wrong bucket.
This addresses the problem by placing them back into the `taskRunsv1`
bucket. An additional test has been added to ensure we are able to
successfully read a canceled run.
note: tests are seriously borked here. Cannot reuse any existing testing
as the setup is very particular and the http layer doesn't suppport everyting.
that being said, there are goign to be implicit testing in the
`launcher/pkger_test.go` file. This feels broken, and probably needs to be
readdressed before we GA a 2.0 influxdb....
This change ensures the following behavior:
* task LatestScheduled is always set when a task is updated and
transitions from a status of inactive to active
* task LatestScheduled is non-zero when created, to set the initial
schedule time as some point after it was created
In addition, the kv.Service introduces clock.Clock that is used for
task create and task updates only. This change permits testing
in a deterministic fashion.
This removes the bucket name validation from the KV BucketService,
and moves it to the http implementation of the service.
The effect is that API user requests still get validated but direct KV access does not
* chore: Remove several instances of WithLogger
* chore: unexport Logger fields
* chore: unexport some more Logger fields
* chore: go fmt
chore: fix test
chore: s/logger/log
chore: fix test
chore: revert http.Handler.Handler constructor initialization
* refactor: integrate review feedback, fix all test nop loggers
* refactor: capitalize all log messages
* refactor: rename two logger to log
* fix(http): Return an empty array if organization has no secret keys
* fix(http): Return an empty array if organization has no secret keys instead nil
A KV store may optionally implement a key predicate
function to filter on keys or values, which may reduce memory and
CPU usage.
Expected FindByTaskID resource mapping improvements for a single user:
Before:
206966085 ns/op 37672164 B/op 445060 allocs/op
After:
1514118 ns/op 11184 B/op 131 allocs/op
A KV store may optionally implement a key predicate
function to filter on keys, which may reduce memory and CPU usage.
Expected user resource mapping improvements for a single user:
Before:
3813719 ns/op 4170142 B/op 33 allocs/op
After:
316869 ns/op 816 B/op 15 allocs/op
* Removed an unused function as cleanup.
* Users without true system buckets won't have fake buckets returned if they don't specify their org in the request, but this shouldn't break tasks.
* feat(auth): add createdAt and updatedAt to authorization
Co-Authored-By: Ariel <ariel.salem1989@gmail.com>
* feat(auth): passing createAuth tests
* test: ensured that createdAt and updatedAt are valid on authorizations
Previously we overwrote the tasks existing latestCompleted to be used for latestCompleted as well as latestScheduled.
For obvious reasons this is confusing and missleading. I believe by seperating the two fields we can have a clear seperation
of concerns.
* feat(kv): unique variable names
- adds system bucket for creating an index of unique variable names
- adds tests
- deleted unit tests for dead code
- removed a test runner for the variable service from http
Implementations of the `kv.Bucket#Cursor` API may use
the hints to instruct the access or read behavior to
the underlying key/value store.
The `findAllTasks` function was also fixed to ensure
that paging works as expected when using a name filter.
Tests were added to verify this behavior.
Redundant error checks were also removed.
* feat: (http) label names to be unique
* feat(http): should work for updates as well
* chore: commented out former work. added a failing test
* feat: ensure label uniqueness & test cases
* feat: updating labels ensures uniqueness
* fix: fixes a failing unrelated test
* chore: update changelog
* feat(task): Allow tasks to run more isolated from other task systems
To allow the task internal system to be used for user created tasks as well
as checks, notification and other future additions we needed to take 2 actions:
1 - We need to use type as a first class citizen, meaning that task's have a type
and each system that will be creating tasks will set the task type through the api.
This is a change to the previous assumption that any user could set task types. This change
will allow us to have other service's white label the task service for their own purposes and not
have to worry about colissions between the types.
2 - We needed to allow other systems to add data specific to the problem they are trying to solve.
For this purpose adding a `metadata` field to the internal task system which should allow other systems to
use the task service.
These changes will allow us in the future to allow for the current check's and notifications implementations
to create a task with meta data instead of creating a check object and a task object in the database.
By allowing this new behavior checks, notifications, and user task's can all follow the same pattern:
Field an api request in a system specific http endpoint, use a small translation to the `TaskService` function call,
translate the results to what the api expects for this system, and return results.
* fix(task): undo additional check for ownerID because check is not ready
* Add TraceSpan parameter to GetNotificationEndpoints operation
* Fixed handler path for a list of all labels for a notification endpoint
* Fixed filter NotificationEndpoints by limit and offset
The http error schema has been changed to simplify the outward facing
API. The `op` and `error` attributes have been dropped because they
confused people. The `error` attribute will likely be readded in some
form in the future, but only as additional context and will not be
required or even suggested for the UI to use.
Errors are now output differently both when they are serialized to JSON
and when they are output as strings. The `op` is no longer used if it is
present. It will only appear as an optional attribute if at all. The
`message` attribute for an error is always output and it will be the
prefix for any nested error. When this is serialized to JSON, the
message is automatically flattened so a nested error such as:
influxdb.Error{
Msg: errors.New("something bad happened"),
Err: io.EOF,
}
This would be written to the message as:
something bad happened: EOF
This matches a developers expectations much more easily as most
programmers assume that wrapping an error will act as a prefix for the
inner error.
This is flattened when written out to HTTP in order to make this logic
immaterial to a frontend developer.
The code is still present and plays an important role in categorizing
the error type. On the other hand, the code will not be output as part
of the message as it commonly plays a redundant and confusing role when
humans read it. The human readable message usually gives more context
and a message like with the code acting as a prefix is generally not
desired. But, the code plays a very important role in helping to
identify categories of errors and so it is very important as part of the
return response.
At times snowflake id generation would create org and bucket IDs with
characters that had special meaning for the storage engine.
The storage engine concats the org and bucket bytes together into a
single 128 bit value. That value is used in the old measurement
section. Measurement was transformed into the tag, _measurement.
However, certain properties of the older measurement data location
are still required for the org/bucket bytes. We cannot have
commas, spaces, nor backslashes.
This PR puts a specific ID generator in place during the creation of
orgs and buckets. The IDs are just random numbers but with each
of the restricted chars incremented by one. While this changes the
entropy distribution somewhat, it does not matter too much for our
purposes.
... because now org and bucket ids are checked for previous existence
transactionally in the key-value stores. If the ID does already exist
then we try to generate a new key up to 100 times.
We need to only update the updated at time when we recieve a external request for
an update. LatestCompleted is an internal request from the scheduler.
When using a internal function in kv we can only use internal funciton calls.
By trying to use a Public function we attempt to create a read lock after acquiring a write lock
When a task was created we used to use a token, we then decided to switch to using
A user id. To facilitate this change we pull the users auth associated with the task
and use the auth's `GetUserID` method. This only works if they have not deleted the auth.
We need a fail safe way to populate the ownerID in the circumstance that the auth associated
with the task has been deleted. To facilitate this we can pull the UserResourceMapping's for the org
resource of the type `Owner` and use a organization owner as the task owner. This makes sense because
any organization owner also own's any part of the organization including tasks.
fix(notification/check): include tags in check object in generated flux
Closes https://github.com/influxdata/influxdb/issues/14769
fix(notification/check): use selected field in threshold functions
Closes https://github.com/influxdata/influxdb/issues/14776
fix(testing): add selected field for check tests
fix(check): use real flux for threshold check
feat(notification/check): generate flux for deadman checks
chore(endpoint): rename webhook endpoint to http endpoint
fix(notification/rule): fetch url for flux script off of endpoint
fix(notification/rule): clean up slack and http rules
fix(notification/rule): change MessageTemp to MessageTemplate
fix(rules): pass endpoint in to rule during create
fix(ui): rename webhook to http
feat(notification/check): namespace deadman under alerts
fix(notification/check): nest tags under tags key in data object in flux
wip
feat(kv): log error if urm cannot be deleted for notification rule
fix(notification/rule): remove name from notify call in slack rule
chore(ui/cypress/e2e): skip rule create test
If a task is created and the auth associated is removed
lookup of tasks currently fail. This is bad behavior.
We should expect to be able to at least see and delete task's that
have old auth.
* fix(task): Remove unnecessary auth lookups
Currently we look up task authorization for all task lookups even if we are only
looking up the task for internal use's. We can keep the same interface but cutdown
on the amount of lookups we do by using seperate internal functions for task lookup
and task with id lookup
Johnny Steenbergen
jlapacik
Lyon Hill
Alirie Gray
George
Jonathan A. Sternberg
Yiqun (Ethan) Zhang
Lorenzo Affetti
Marc Delagrammatikas
Gavin Cabbage
Greg
Brett Buddin
Chris Goller
Christopher M. Wolff
Kelvin Wang
Gavin Cabbage
Jacob Marble
Zoe Steinkamp
Deniz Kusefoglu
Stuart Carnie
Nathaniel Cook
Jakub Bednář
Deary Hudson III
Jade McGough
Ariel Salem
Deary Hudson III
Brandon Farmer
Deary Hudson
Ben Johnson
Michael Desa